5.9

CVSS Score

3.0

Basic Information

CVE ID

CVE-2016-6624

GHSA ID

GHSA-mhxj-6vf8-mwv3

EPSS Score

0.54435%

CWE

Published

5/17/2022

Updated

4/24/2024

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2016-6624

CVE-2016-6624:
phpMyAdmin IPv6 and proxy server IP-based authentication rule circumvention

An issue was discovered in phpMyAdmin involving improper enforcement of the IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.

(GitHub Advisory)

5.9

CVSS Score

3.0

Basic Information

CVE ID

CVE-2016-6624

GHSA ID

GHSA-mhxj-6vf8-mwv3

EPSS Score

0.54435%

CWE

Published

5/17/2022

Updated

4/24/2024

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
phpmyadmin/phpmyadmin	composer	>= 4.6, < 4.6.4	4.6.4
phpmyadmin/phpmyadmin	composer	>= 4.4, < 4.4.15.8	4.4.15.8
phpmyadmin/phpmyadmin	composer	>= 4.0, < 4.0.10.17	4.0.10.17

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper IP validation in proxy environments using IPv6. The core issue involves two key functions: 1) checkIPAllowDeny, responsible for enforcing IP-based access rules, which failed to properly verify if the client IP (from X-Forwarded-For) was allowed when behind an authorized proxy. 2) getClientIp, which likely mishandled IPv6 address parsing from headers. This is supported by the patched commits modifying IP validation logic and the vulnerability's nature (CWE-661 - Improper Enforcement of Authorization Rules). The confidence is high as the vulnerability directly maps to IP handling functions in the authentication workflow.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*n issu* w*s *is*ov*r** in p*pMy**min involvin* improp*r *n*or**m*nt o* t** IP-**s** *ut**nti**tion rul*s. W**n p*pMy**min is us** wit* IPv* in * proxy s*rv*r *nvironm*nt, *n* t** proxy s*rv*r is in t** *llow** r*n** *ut t** *tt**kin* *omput*r is not

Reasoning

T** vuln*r**ility st*ms *rom improp*r IP v*li**tion in proxy *nvironm*nts usin* IPv*. T** *or* issu* involv*s two k*y *un*tions: *) `****kIP*llow**ny`, r*sponsi*l* *or *n*or*in* IP-**s** ****ss rul*s, w*i** **il** to prop*rly v*ri*y i* t** *li*nt IP

5.9

Basic Information

Concerned about an active attack path?

CVE-2016-6624: phpMyAdmin IPv6 and proxy server IP-based authentication rule circumvention

5.9

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2016-6624:
phpMyAdmin IPv6 and proxy server IP-based authentication rule circumvention

Vulnerability Intelligence
Miggo AI